Blog Posts

Hey guys, I just wanted to share my experience with getting this cable set up and running. First, I just want to say i'm extremely disappointed that Hak5 released this device without proper documentation or support. Absolutely nothing on docs.hak5.org

I digress. I am going to share my experience with the O.MG cable, and try to lay out some questions that i've either had myself, or have seen come up in other forums. Please note, I don't work with the developer MG, so I may not be able to answer some questions. So here's what i've learned so far........

How to set up

So like most people, I don't read the little cards that come with the products. I unwrap, head to docs.hak5.org and jump in. Well, with the O.MG cable, READ the card. It shows you the site to go to in order to get started

So I downloaded and ran the setup script using defaults. Plugged it into the windows machine, opened my wifi settings on my phone to connect annnnndddd.... nothing

Turns out, to connect you actually have to select the "AP" option during setup, and NOT STATION. Guess what? This was actually in the README.md lol. So moral of this story... READ THE DOCUMENTATION AS DIRECTED

USAGE

So I tried again. Plugged the cable into the victim machine and tried to connect to it through my phone. Voila, i'm connected. Then just surf to 192.168.4.1 on your phone browser to get to the interface.

SCRIPTS

So, apparently the O.MG cable doesn't come with any useful scripts preloaded. While in the O.MG interface, I went to LOAD > Example Scripts. Nothing particularly useful. They are exactly what they claim to be... just samples of scripts. But if you know powershell or cmd, then by studying the scripts you can figure out how to write your own. Just remember that anything you want typed into the terminals/command prompts, has to be proceeded by the word STRING as shown in the example scripts.

I GOT 99 PROBLEMS, AND LAUNCHING CMD IS ONE

So launching an example script the first time worked. It opened a run box, ran some powershell, then disconnected. Awesome. So I decided to modify one line of the script to just launch cmd.exe and run ipconfig. Annnnnddd... didn't work. As many times as I tried, running the script didnt launch the cmd. You hear the windows "error beep". Run script again, same thing. Reboot pc, run script, it works the first time, then again get the windows error beep. This is one piece thats not only annoying, but I really cant figure out why it does it. Ill provide my sample script below. Give it a try. It runs IPCONFIG, stores the results in a text file.

CUSTOM SCRIPT

GUI R

DELAY 2

STRING cmd.exe

DELAY 1

ENTER

STRING ipconfig /all > C:\tools\test.txt

ENTER

DELAY 3

STRING exit

ENTER

All scripts should be entered within the O.MG web interface

FAQ

So you've made a custom script, and its not executing or somethings not quite right. Have you checked the following?

1. My script won't run in an administrative context - The user that is currently logged on must have administrative privileges.

2. Windows won't launch the run dialog, and the script keeps continuing in the wrong context - Tbh, this is one that I haven't really figured out. It seems that if the focus isn't on the desktop itself, it's hit or miss when invoking the run box.

3. Windows won't launch the run dialog at all - Try using different commands. By default, the scripts use "GUI R" to launch the run dialog or terminal windows. First, ensure that the commands you're using are actually for the OS you're attacking. Second, you can replace GUI R with WINDOWS to launch the start menu and type from there. See example below:

DEFAULT

GUI R

Delay 1

STRING cmd.exe

ENTER

TRY THIS

DELAY 1

WINDOWS

DELAY 1

STRING cmd.exe

ENTER

4. When running a script, sometimes a single key is entered multiple times when typing - This is a weird bug that I keep experiencing, and theres no response yet (at least not one that i've noticed) in regards to this issue. An example of this would be the cable launches a terminal or cmd window. Instead of typing ipconfig /all, it'll type ipconnnnnnnnnnnnnnnnnnnnnnnnnnnn. Not sure why this happens, but its a known issue. When this happens, consider the rest of your attack hosed. There's no abort button, so yank that cable, and walk away whistling with your hands in your pocket.....

5. Does the cable have internal storage? So far, the answer seems to be no. Any scripts you want to run can be ran from within the devices application. Those scripts can be saved into one of the empty slots on the device. To save the script, just click "SAVE" at the bottom of the app, and select a slot to save your custom script. From my understanding, there's not enough storage to exfiltrate date. The storage is just large enough to store your payloads, not exfiltrate data. So if you want to exfiltrate anything, you must direct the payload to send the data to an external source

6. My script is too long, and it doesn't allow me to finish it within the application - The cable has its limitations. To remedy this issue, you could save a custom script onto a site like github. Then from within the cables app, write a script to download and invoke it externally (wget on powershell?)

7. I can't flash the firmware! To flash the firmware, you MUST have the developer hardware. Please make sure to purchase the O.MG cable programmer along with the cable itself. You can get it at https://shop.hak5.org/products/o-mg-cable?variant=31269901926513. Simply plug the cable into the programmer, then plug the programmer into your computer. Download the firmware, and run the binary or script as appropriate. Alternatively, you can update the firmware from within the web interface as shown below

8. My cable types so slow.... my rubber ducky can type the same things in a flash! Well, then go buy a rubber ducky. Not all tools will run the same. Also, this cable is brand new to the market and has a lot of bugs to work out. To be honest, i'm ok with the speed at which it types. It allows me to see where my scripts are failing, and notice things such as the "sticky key" effect. If you're worried about the speed, you can do two things. Either keep your target busy (a little conversation can buy you a lot of time), or write a shorter script that invokes the rest of your script.

9. Does this support 5 GHz? No

10. Can I attack the mobile phone that the cable is attached to? The short answer is no, the cable isn't designed for this. Thats not to say that you cant use it to download a mobile device payload (such as meterpreter) and attack the device. But youll have to be creative and make your zombie PC do the work. However, success will depend on the phones security settings (TURN OFF USB DEBUGGING PEOPLE!) and whether or not you can directly interface with it using the victims PC.

11. When setting Delays, what do the numbers denote? The number you specify when invoking delays are in seconds, NOT milliseconds

12. Will the cable charge the victims phone? Yep. The cable acts as any off-the-shelf charging cable. It'll both charge and allow for data transfers. The cable itself is completely stealth.

13. When running the scripts, will the victim see the commands being sent? Yes, absolutely. Which is why its imperative that you keep them busy when executing them ;)

14. When cable is plugged in, the "Driver installing" notification says "O.MG Cable Per developer, try modifying/manually setting the MFG/PRO/SER attributes in your payload. These can be modified with the VID/PID syntax. You can lookup custom VID/PIDs here http://the-sz.com/products/usbid/

15. Can the cable grab passwords from the cell phone it's attached to? No. The device is designed to compromise the PC it's attached to, not the cellular device. The cable is designed to look like a phone charger for the purpose getting users to trust the device enough to plug it into their PC. You may however, be able to develop a payload that will leverage the compromised PC to relay attacks to the cellular device. There's no active payload out there for that yet, so you must develop it on your own at the moment

16. Do I need to be present to run payloads? To execute payloads, you must be within WiFi range

CONCLUSION

In summary, this cable is a neat little device. Just be careful when using it until all the bugs are worked out. Ill add more to this page as information becomes available. In the meantime, comment below with any other tips or questions, and ill try to address them as I have time.